diff --git a/src/network.sh b/src/network.sh
index 8de0285..f4cc818 100644
--- a/src/network.sh
+++ b/src/network.sh
@@ -4,7 +4,7 @@ set -Eeuo pipefail
 # Docker environment variables
 : ${DHCP:='N'}
-: ${CONTROL_PORTS:=''}
+: ${HOST_PORTS:=''}
 : ${MAC:='82:cf:d0:5e:57:66'}
 : ${VM_NET_DEV:=''}
@@ -141,22 +141,22 @@ configureNAT() {
 ip link set dev "$VM_NET_TAP" master dockerbridge
- if [[ -z "$CONTROL_PORTS" ]] && [[ "${DISPLAY,,}" == "vnc" ]]; then
- CONTROL_PORTS="5900"
- fi
-
- CONTROL_PORT_ARGS=""
- for PORT in $CONTROL_PORTS ; do
- CONTROL_PORT_ARGS="$CONTROL_PORT_ARGS ! --dport $PORT"
- done
-
 # Add internet connection to the VM
 update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null
 update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null
-
+
+ if [[ -z "$HOST_PORTS" ]] && [[ "${DISPLAY,,}" == "vnc" ]]; then
+ HOST_PORTS="5900"
+ fi
+
+ local PORT_ARGS=""
+ for PORT in $HOST_PORTS; do
+ PORT_ARGS="$PORT_ARGS ! --dport $PORT"
+ done
+
 iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE
 # shellcheck disable=SC2086
- iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp $CONTROL_PORT_ARGS -j DNAT --to "$VM_NET_IP"
+ iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp $PORT_ARGS -j DNAT --to "$VM_NET_IP"
 iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p udp -j DNAT --to "$VM_NET_IP"
 if (( KERNEL > 4 )); then
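Review bot: With more than one port in HOST_PORTS, the loop in the second hunk appends a separate `! --dport N` for each port, and as far as I know iptables' tcp match accepts `--dport` only once per rule, so the PREROUTING tcp rule would be rejected and the script would abort under `set -Eeuo pipefail`. Each entry is also expanded unquoted into the iptables command line (SC2086 is disabled for that line), so any non-numeric token in the environment variable becomes extra rule arguments, and a glob character would be expanded by the `for` loop. Checking every entry against `^[0-9]+$` and joining the ports into a single `-m multiport ! --dports` list would address both, and `PORT` should be declared `local` alongside `PORT_ARGS`. configureNAT starts and ends outside the hunk.

```shell
  local PORT PORT_LIST="" PORT_ARGS=""
  for PORT in $HOST_PORTS; do
    if [[ ! "$PORT" =~ ^[0-9]+$ ]]; then
      echo "Invalid port in HOST_PORTS: $PORT" >&2
      exit 1
    fi
    PORT_LIST="${PORT_LIST:+$PORT_LIST,}$PORT"
  done

  if [[ -n "$PORT_LIST" ]]; then
    PORT_ARGS="-m multiport ! --dports $PORT_LIST"
  fi

  # … unchanged: POSTROUTING MASQUERADE and PREROUTING DNAT rules using $PORT_ARGS …
```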